- 01-19-2009 #1 Just Joined!
- Join Date
- Jan 2009
- Posts
- 2
iptables ftp connection tracking
Hi,
Appreciate any advice on iptables with ftp connection tracking. The script
below seems to work fine but I am not sure what I am missing. Did I
compromise any security issue with iptables with regards to ftp and
connection tracking? You notice that I have not used the state module to
monitor the connection but it still works. Thanks.
---snip---
UNPRIVPORTS="1024:65535"
#Allow FTP traffic (Control)
iptables -A INPUT -p tcp --sport $UNPRIVPORTS --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 21 --dport $UNPRIVPORTS -j ACCEPT
#Allow FTP traffic (Data)
iptables -A INPUT -p tcp --sport $UNPRIVPORTS --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20 --dport $UNPRIVPORTS -j ACCEPT
---snip---
Thanks.
Dino
- 01-20-2009 #2
I would have just tracked ftp connections with 'ip_conntrack_ftp'. Then there is no need for the rules for port 20, as the ftp conntrack would know and allow this connection. As it stands now, anyone could still try to establish a connection on port 20.
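The conntrack-based ruleset suggested in the reply above, as an added example that is not part of the original thread. It assumes the host is the FTP server with DROP policies on INPUT and OUTPUT, uses the current module name `nf_conntrack_ftp`, and adds the explicit helper binding that kernels 4.7 and later need; the `IPT` and `MODPROBE` dry-run variables and the function name are hypothetical conveniences.

```shell
#!/bin/sh
# Added example: FTP filtering driven by the conntrack helper instead of a
# stateless port 20 rule. Dry run by default: commands are printed, not applied.
# To load the rules for real, run as root with IPT=iptables MODPROBE=modprobe.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"
UNPRIVPORTS="1024:65535"

ftp_conntrack_rules() {
    # Helper that reads PORT/PASV on the control channel and registers the
    # expected data connection (ip_conntrack_ftp on older kernels).
    $MODPROBE nf_conntrack_ftp

    # Kernels 4.7+ no longer attach helpers automatically, so bind the FTP
    # helper to the control port explicitly in the raw table.
    $IPT -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    # Replies on tracked connections, plus data connections the helper has
    # marked RELATED (active and passive mode). Nothing else reaches port 20
    # or the passive port range.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # The only NEW traffic accepted from outside is the control connection.
    $IPT -A INPUT -p tcp --sport "$UNPRIVPORTS" --dport 21 \
         -m conntrack --ctstate NEW -j ACCEPT
}

ftp_conntrack_rules
```

After loading the rules, `iptables -L -v -n` packet counters on the RELATED rule should rise during a file transfer, which confirms the helper is matching the data connections.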
- 01-22-2009 #3 Just Joined!
- Join Date
- Jan 2009
- Posts
- 2
Thank you!


